Hi Martin, Thank you for your quick answer. As a generic open-source project, covering the basic part of protocols is an advisable selection because the corresponding specification always is in change. The current implementation of these two authentication mechanisms is a good start for future development, thank you.
Best Regards, David -----邮件原件----- 发件人: Martin Willi [mailto:[email protected]] 发送时间: 2009年9月21日 17:36 收件人: weiping deng 抄送: [email protected] 主题: Re: question about the handling of identity payload during the procedure of EAP-SIM and EAP-AKA Hi, > In the current implementation of EAP-SIM and EAP-AKA authentication, > the payload of IDENTITY REQ was not handled or handled with only > attribute ID. For EAP-SIM, we just reply identity requests with the configured identity. The same semantics have been implemented for EAP-AKA just last week. > Is there a specific cause for this? I refer to some document about > these two authentication mechanism, IDENTITY REQ payload is still > needed. We do not support all the glory of these protocols, just the basics (no Re-Authentication, Pseudonyms, ...). I think we are in the specs when answering identity requests with our IKE/EAP identity. > So if I want to simulate the whole procedure of SRES and Kc > calculating procedure in SIM card, what algorithms should be > implemented by me. And where I can get the material for comp128-2 and > comp128-3? I'm not very familiar with these GSM specs, but there are probably different variations of these algorithms (this is the case at least for AKA)... Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
